ssh-keyfetch

ssh-keyfetch — Host key tool for the Secure Shell client

Synopsis

ssh-keyfetch [options...] [host]

Description

ssh-keyfetch(ssh-keyfetch.exe on Windows) is a tool that downloads server host keys and optionally sets them as known host keys for the Secure Shell client. It is typically used by the system administrator during the initial setup phase.

By default the host key is fetched from the server and saved in file key_host_port.suffix in the current directory.

Options

The following options are available:

-a, --set-trusted

Instead of writing the public key to a file, add the public key as a known host key to the user-specific directory: $HOME/.ssh2/hostkeys (%APPDATA%\SSH\HostKeys on Windows). This option cannot be combined with -C or -K.

Caution

When ssh-keyfetch is run with the -a option, it accepts the received host keys automatically without prompting the user. You should verify the validity of keys by verifying the key fingerprints after receiving them or you risk being subject to a man-in-the-middle attack.

To validate the host key, obtain the host key fingerprint from a trusted source (for example by calling the server administrator) and verify it against the output from command:

ssh-keygen-g3 --fingerprint <hostname>

-A, --fetch-any

Probe for and fetch either server public key or certificate.

-C, --fetch-certificate

Probe for and fetch the server certificate only.

-d, --debug debug-level

Enable debugging.

-D, --debug-default

Enable debugging with default level.

-f, --filename-format nameformat

Filename format for known host keys. Accepted values are plain and hashed. The default is plain.